22461d55473863dfe9d00ed2dc765d7f779caae4e5e385d9d53e87ec8a305d54

Sharing

Copy URL Twitter E-mail

General

Target

22461d55473863dfe9d00ed2dc765d7f779caae4e5e385d9d53e87ec8a305d54
Size

102KB
MD5

5d6e14615deb94f90ec73ed4a0a1fe96
SHA1

b4f6ef373882a5df3558d06756ff6bb6bffdd327
SHA256

22461d55473863dfe9d00ed2dc765d7f779caae4e5e385d9d53e87ec8a305d54
SHA512

c7011a75385bbc2e155063ea5e0bd879c6ef4d5467f8bf8b66504c1f3ebc6cf4959482d81399980a2c729abdb12314b01ec6740c4dea4d5e37e5f5e99cbeef02
SSDEEP

1536:/5ORa4Fh6KAhlA8M29xIlOOSJI7htStFlEKGuhypD7OMa7oLFPTrOw:/5QFkDAq9xIlOOSkS1aaQWn7oLZ

Score

N/A

Malware Config

Signatures

Files

22461d55473863dfe9d00ed2dc765d7f779caae4e5e385d9d53e87ec8a305d54
.dll windows x86

8bc60d785b548bb483488c678d909811

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
sscanf
strchr
_stricmp
malloc
free
memset
memcpy
atoi
strstr
_vsnprintf

ntdll

RtlUnwind

kernel32

GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
CreateThread
DuplicateHandle
SetCurrentDirectoryA
GetCurrentThreadId
OpenProcess
MapViewOfFile
CreateMutexA
CreateFileMappingA
IsBadStringPtrA
GetCurrentProcessId
lstrlenA
HeapFree
Sleep
HeapAlloc
GetProcessHeap
GetLastError
GetTickCount
ReadProcessMemory
WriteProcessMemory
CloseHandle
GlobalAlloc
GlobalFree
lstrcmpA
lstrcmpiA
ResetEvent
SetEvent
WaitForSingleObject
GetCurrentProcess
ReleaseMutex
UnmapViewOfFile
LocalFree
LocalAlloc
FindClose
FindFirstFileA
GetVersionExA
GetVersion
OpenEventA
OpenFileMappingA
OpenMutexA
CreateEventA

user32

LoadCursorA
CreateWindowExA
MsgWaitForMultipleObjects
PostThreadMessageA
SetWindowTextA
PeekMessageA
TranslateMessage
DispatchMessageA
ShowWindow
RegisterClassA
DefWindowProcA
PostQuitMessage
DestroyWindow
UnregisterClassA

advapi32

SetServiceObjectSecurity
SetSecurityInfo
RegisterServiceCtrlHandlerA
StartServiceA
RegOpenKeyA
CreateServiceA
RegCreateKeyA
OpenSCManagerA
DeleteService
QueryServiceConfigA
RegOpenKeyExA
SetServiceStatus
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CloseServiceHandle
InitializeAcl
FreeSid
IsValidSid
GetLengthSid
AllocateAndInitializeSid
AddAccessDeniedAce
AddAccessAllowedAce
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
QueryServiceStatusEx
EnumDependentServicesA
OpenServiceA
ControlService

wsock32

connect
setsockopt
socket
inet_ntoa
recv
WSAGetLastError
closesocket
WSAStartup
send

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

getaddrinfo
freeaddrinfo

Exports

Exports

InstallService
MSIInstallService
MSIUnInstallService
RundllInstallA
RundllUninstallA
ServiceMain
UninstallService

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bc60d785b548bb483488c678d909811

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

advapi32

wsock32

version

ws2_32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 61KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 61KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB